General

  • Target

    6472d2cfaaa676343fbae8c760b59d02ec5df9ba48955a5f9ae77459ad1dce80

  • Size

    272KB

  • Sample

    221203-2jvfcsfe5z

  • MD5

    083da2b76ab860b8db550f3bb059d500

  • SHA1

    64178b9f2d9b95859ea9b72871a368452ab62805

  • SHA256

    6472d2cfaaa676343fbae8c760b59d02ec5df9ba48955a5f9ae77459ad1dce80

  • SHA512

    662b6c26b19405ff88eb29c1227f707c6f9d429f31c4f6fa427ea7e699cf015f1b95a84dfde53307240ba35e3877b44b97a9be7f5c5a9bf45a82beb885187dc8

  • SSDEEP

    6144:j+GlgezMS9FR1eTboMMZdbqsynHZ8uGjJZ9q6+pcaQM/6:jgezFL5rusKotZ9q5P/

Malware Config

Targets

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks